update validation readme

2026-01-14 12:14:40 +01:00 · 2022-05-18 09:29:47 -07:00
parent 6f1fc6a996
commit 5bd43a54e5
2 changed files with 54 additions and 4 deletions
--- a/recipes/authorization.md
+++ b/recipes/authorization.md
@@ -1,10 +1,12 @@
 ## Authorization

-The `createContext`-function is called for each incoming request so here you can add contextual information about the calling user from the request object. Learn more about authorization [here](https://trpc.io/docs/authorization).
+The `createContext`-function is called for each incoming request so here you can add contextual information about the calling user from the request object.
+
+## Create context from request headers

 ```ts
 // ~/server/trpc/index.ts
-import * as trpc from '@trpc/server'
+import type * as trpc from '@trpc/server'
 import type { CompatibilityEvent } from 'h3'
 import { decodeAndVerifyJwtToken } from '~/somewhere/in/your/app/utils'

@@ -28,8 +30,16 @@ export async function createContext({ req }: CompatibilityEvent) {
  }
 }

+type Context = trpc.inferAsyncReturnType<typeof createContext>
+
+// [..] Define API handler and app router
+```
+
+## Option 1: Authorize using resolver
+
+```ts
 export const router = trpc
-  .router<inferAsyncReturnType<typeof createContext>>()
+  .router<Context>()
  // open for anyone
  .query('hello', {
    input: z.string().nullish(),
@@ -49,3 +59,41 @@ export const router = trpc
    },
  })
 ```
+
+## Option 2: Authorize using middleware
+
+```ts
+import * as trpc from '@trpc/server'
+import { TRPCError } from '@trpc/server'
+import { createRouter } from '../createRouter'
+
+export const router = trpc
+  .router<Context>()
+  // this is accessible for everyone
+  .query('hello', {
+    input: z.string().nullish(),
+    resolve: ({ input, ctx }) => {
+      return `hello ${input ?? ctx.user?.name ?? 'world'}`
+    },
+  })
+  .merge(
+    'admin.',
+    createRouter()
+      // this protects all procedures defined next in this router
+      .middleware(async ({ ctx, next }) => {
+        if (!ctx.user?.isAdmin)
+          throw new TRPCError({ code: 'UNAUTHORIZED' })
+
+        return next()
+      })
+      .query('secret', {
+        resolve: ({ ctx }) => {
+          return {
+            secret: 'sauce',
+          }
+        },
+      }),
+  )
+```
+
+Learn more about authorization [here](https://trpc.io/docs/authorization).
--- a/recipes/validation.md
+++ b/recipes/validation.md
@@ -1,6 +1,6 @@
 ## Validation

-tRPC works out-of-the-box with yup/superstruct/zod/myzod/custom validators. Learn more about input validation [here](https://trpc.io/docs/router#input-validation).
+tRPC works out-of-the-box with yup/superstruct/zod/myzod/custom validators.

 ## Input Validation

@@ -45,3 +45,5 @@ export const router = trpc
    },
  })
 ```
+
+Learn more about input validation [here](https://trpc.io/docs/router#input-validation).